# Security & Privacy

> How Maestro Scraper stores your data and communicates with external services.

Maestro Scraper runs entirely locally. Your Telegram session is encrypted with your OS keychain; other app data is stored in plaintext on your computer.

## Encrypted Storage

Your Telegram session is encrypted using your operating system's native keychain:

- **macOS**: Keychain
- **Windows**: DPAPI (Data Protection API)
- **Linux**: libsecret or kwallet

This means your Telegram session is protected by your OS login credentials. Other app data (channel preferences, address history, activity logs) is stored locally but not encrypted.

## What Data Is Stored

- **Telegram session** - An encrypted session token that keeps you logged in
- **API credentials** - Only if "Remember credentials" is checked
- **Channel scraping preferences** - Which channels you're scraping and filter settings
- **Address history** - Previously detected addresses (for duplicate detection)
- **Activity logs** - A log of scraping events
- **App settings** - Your preferences (duplicate filtering, bot selection, etc.)

## What Data Is NOT Stored

- Your Telegram password is never stored
- Message content is not persisted (only processed in memory)
- No data is sent to external servers except the Maestro bot, Telegram's own API, and Sentry for error tracking

## Bot Communication

When forwarding addresses to Maestro, the app sends a formatted message containing:

- The detected address(es)
- A link to the source message (if available)